package cn.edu.seig.textbook.config;

import cn.edu.seig.textbook.filter.SecurityCaptchaFilter;
import cn.edu.seig.textbook.utils.LoginSuccessHandle;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;

import javax.sql.DataSource;

/**
 * @author 2240709524——杨佳壕
 */
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true,securedEnabled = true,jsr250Enabled = true)
public class SecurityConfig {
    @Autowired
    private DataSource dataSource;
    @Autowired
    private SecurityCaptchaFilter securityCaptchaFilter;
    @Bean
    public JdbcTokenRepositoryImpl tokenRepository(){
        JdbcTokenRepositoryImpl jr=new  JdbcTokenRepositoryImpl();
        jr.setDataSource(dataSource);
        return jr;}

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http, LoginSuccessHandle loginSuccessHandle, SecurityCaptchaFilter securityCaptchaFilter) throws Exception {
        http.addFilterBefore(securityCaptchaFilter, UsernamePasswordAuthenticationFilter.class)
                .authorizeHttpRequests((authorize) ->authorize
                        .requestMatchers("/i18n/**","/css/**","/img/**","/js/**","/fonts/**","/getVerifyCode","/upload/**","/toLoginPage").permitAll()
                        .requestMatchers("/admin/**").hasAnyAuthority("ROLE_admin")
                        .requestMatchers("/teacher/**").hasAnyAuthority("ROLE_teacher")
                        .requestMatchers("/student/**").hasAnyAuthority("ROLE_student")
                        .requestMatchers("/purchase/**","/purchase_table/**").hasAnyAuthority("ROLE_finance")
                        .anyRequest().authenticated()
                )
                .formLogin(
                        form->form
                                .loginPage("/login")
                                .successHandler(loginSuccessHandle)
                                .permitAll()
                )
                .logout(
                        form->form
                                .logoutUrl("/logout")
                                .logoutSuccessUrl("/login?logout")
                                .invalidateHttpSession(true)
                );
        http.rememberMe((rememberMe) ->rememberMe
                .rememberMeParameter("rememberme")
                .tokenValiditySeconds(120).tokenRepository(tokenRepository())
        );

        return http.build();
    }

    @Bean
    public PasswordEncoder password() {
        return new BCryptPasswordEncoder();
    }


}
